Executive Summary

Summary
TitleVulnerability in Windows Kernel
Informations
NameMS11-087First vendor Publication2011-12-13
VendorMicrosoftLast vendor Modification2011-12-13
Severity (Vendor) CriticalRevision 1.0

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Severity Rating: Critical

Revision Note: V1.0 (December 13, 2011): Bulletin published.

Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits a malicious Web page that embeds TrueType font files.

Original Source

Url : http://technet.microsoft.com/en-us/security/bulletin/MS11-087

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:15645
 
Oval ID: oval:org.mitre.oval:def:15645
Title: TrueType Font Parsing Vulnerability (CVE-2011-3402)
Description: Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-3402
Version: 25
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s): Microsoft Silverlight 4
Microsoft Silverlight 5
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office 2010
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15290
 
Oval ID: oval:org.mitre.oval:def:15290
Title: TrueType Font Parsing Vulnerability (CVE-2011-3402)
Description: Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-3402
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Microsoft Lync 2010
Microsoft Lync 2010 Attendee
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13998
 
Oval ID: oval:org.mitre.oval:def:13998
Title: Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege
Description: Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-3402
Version: 7
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os2
Os3
Os5
Os2
Os2

OpenVAS Exploits

DateDescription
2012-06-13Name : Microsoft Lync Remote Code Execution Vulnerabilities (2707956)
File : nvt/secpod_ms12-039.nasl
2012-05-14Name : Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)
File : nvt/secpod_ms12-034_macosx.nasl
2012-05-09Name : MS Security Update For Microsoft Office, .NET Framework, and Silverlight (268...
File : nvt/secpod_ms12-034.nasl
2011-12-14Name : Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2567053)
File : nvt/secpod_ms11-087.nasl
2011-11-07Name : Microsoft Windows TrueType Font Parsing Privilege Elevation Vulnerability
File : nvt/gb_ms_truetype_font_privilege_elevation_vuln.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
76843Microsoft Windows Win32k TrueType Font Handling Privilege Escalation

Information Assurance Vulnerability Management (IAVM)

DateDescription
2012-05-10IAVM : 2012-A-0079 - Combined Security Update for Microsoft Office Windows .NET Framework and Silv...
Severity : Category I - VMSKEY : V0032304

Snort® IPS/IDS

DateDescription
2014-01-18multi-hop iframe campaign client-side exploit attempt
RuleID : 29025 - Revision : 1 - Type : MALWARE-OTHER
2014-01-18multi-hop iframe campaign client-side exploit attempt
RuleID : 29024 - Revision : 1 - Type : MALWARE-OTHER
2014-01-18multi-hop iframe campaign client-side exploit attempt
RuleID : 29023 - Revision : 1 - Type : MALWARE-OTHER
2014-01-18DNS request for known malware domain kjyg.com
RuleID : 29022 - Revision : 1 - Type : BLACKLIST
2014-01-18DNS request for known malware domain apfi.biz
RuleID : 29021 - Revision : 1 - Type : BLACKLIST
2014-01-18DNS request for known malware domain 4pu.com
RuleID : 29020 - Revision : 1 - Type : BLACKLIST
2014-01-10Blackholev2 exploit kit JNLP request
RuleID : 27070 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10Blackholev2 exploit kit landing page - specific structure
RuleID : 27067 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10iFramer injection - specific structure
RuleID : 26617 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10Multiple exploit kit successful redirection - jnlp bypass
RuleID : 26541 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10iFramer injection - specific structure
RuleID : 26540 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit java payload detection
RuleID : 26512 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10Sakura exploit kit redirection structure
RuleID : 26511 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit pdf payload detection
RuleID : 26510 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10Multiple exploit kit java payload detection
RuleID : 26509 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit landing page - specific structure
RuleID : 26507 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit jar file redirection
RuleID : 26506 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit malicious jar download
RuleID : 26256 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit redirection page
RuleID : 26254 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit MyApplet class retrieval
RuleID : 26229 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit redirection page
RuleID : 26228 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit landing page
RuleID : 26091 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit Portable Executable download
RuleID : 26056 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit malicious class file download
RuleID : 26055 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit malicious class file download
RuleID : 26054 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit malicious class file download
RuleID : 26053 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit malicious class file download
RuleID : 26052 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit malicious jar file download
RuleID : 26051 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit SWF file download
RuleID : 26050 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit EOT file download
RuleID : 26049 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit PDF exploit
RuleID : 26048 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit redirection structure
RuleID : 26047 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit landing page
RuleID : 26046 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit Portable Executable download
RuleID : 25968 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit malicious class file download
RuleID : 25967 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit malicious class file download
RuleID : 25966 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit malicious class file download
RuleID : 25965 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit malicious class file download
RuleID : 25964 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit SWF file download
RuleID : 25963 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit EOT file download
RuleID : 25962 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit former location - has been removed
RuleID : 25960 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit malicious class file download
RuleID : 25959 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit malicious class file download
RuleID : 25958 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit malicious class file download
RuleID : 25957 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit malicious class file download
RuleID : 25956 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit malicious jar file download
RuleID : 25955 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit SWF file download
RuleID : 25954 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit landing page
RuleID : 25953 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit landing page
RuleID : 25952 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit EOT file download
RuleID : 25951 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit PDF exploit
RuleID : 25950 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit java exploit retrieval
RuleID : 25862 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit java exploit retrieval
RuleID : 25861 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit landing page
RuleID : 25860 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit malicious jar file download
RuleID : 25859 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit Java exploit download
RuleID : 25858 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit PDF exploit
RuleID : 25857 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit EOT file download
RuleID : 25598 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit EOT file download
RuleID : 25597 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit EOT file download
RuleID : 25596 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit java exploit retrieval
RuleID : 25595 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit java exploit retrieval
RuleID : 25594 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit java exploit retrieval
RuleID : 25593 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10Cool Exploit Kit SWF file download
RuleID : 25576 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10Cool Exploit Kit SWF file download
RuleID : 25575 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10Cool Exploit Kit SWF file download
RuleID : 25574 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10Cool Exploit Kit SWF file download
RuleID : 25573 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit java exploit retrieval
RuleID : 25510 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit pdf exploit retrieval
RuleID : 25509 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit java exploit retrieval
RuleID : 25508 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit pdf exploit retrieval
RuleID : 25507 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit EOT file download
RuleID : 25506 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit EOT file download
RuleID : 25505 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit java exploit retrieval
RuleID : 25328 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit pdf exploit retrieval
RuleID : 25327 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit java exploit retrieval
RuleID : 25326 - Revision : 10 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit pdf exploit retrieval
RuleID : 25325 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit landing page detected
RuleID : 25324 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit EOT file download
RuleID : 25323 - Revision : 10 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit EOT file download
RuleID : 25322 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit 32-bit font file download
RuleID : 25056 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit 64-bit font file download
RuleID : 25055 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit requesting payload
RuleID : 25045 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit 64-bit font file download
RuleID : 24784 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit 32-bit font file download
RuleID : 24783 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit outbound request
RuleID : 24782 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit outbound request
RuleID : 24781 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit - PDF Exploit
RuleID : 24780 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit - PDF Exploit
RuleID : 24779 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10Cool exploit kit landing page - Title
RuleID : 24778 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation o...
RuleID : 20735 - Revision : 10 - Type : FILE-OTHER

Metasploit Database

idDescription
2014-11-14 Windows Gather Forensics Duqu Registry Check

Nessus® Vulnerability Scanner

DateDescription
2012-06-13Name : Arbitrary code can be executed on the remote host through Microsoft Lync.
File : smb_nt_ms12-039.nasl - Type : ACT_GATHER_INFO
2012-05-09Name : The remote Windows host is affected by multiple vulnerabilities.
File : smb_nt_ms12-034.nasl - Type : ACT_GATHER_INFO
2012-05-09Name : A browser enhancement on the remote Mac OS X host could allow arbitrary code ...
File : macosx_ms12-034.nasl - Type : ACT_GATHER_INFO
2011-12-13Name : The remote Windows kernel is affected by a remote code execution vulnerability.
File : smb_nt_ms11-087.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 11:47:09
  • Multiple Updates
2014-01-19 21:30:45
  • Multiple Updates